<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>
  Release 2.2.0
</title>
</head>
<body bgcolor="#ffffff">
<h1>Release 2.2.0</h1>
<p>
The following changes were made in this release:
</p>

<h2>Major changes:</h2>

<h3>Issue 717 : Scripts: support multiple scripts and embedding within ZAP components</h3>
<h3>Support for Mozilla Zest: https://developer.mozilla.org/en-US/docs/Zest</h3>
<h3>Support for Mozilla Plug-n-Hack: https://developer.mozilla.org/en-US/docs/Plug-n-Hack</h3>
<h3>Support for scanning headers as well as JSON and XML formats</h3>

<h2>Minor changes:</h2>

<h3>Issue 711 : Support scanning of XML requests</h3>
<h3>Issue 713 : Add CWE and WASC numbers to issues</h3>
<h3>Issue 719 : Custom http break points with more options</h3>
<h3>Issue 738 : Options to hide tabs / windows</h3>
<h3>Issue 750 : Upgrade script console to support non textbased scripting languages</h3>
<h3>Issue 752 : Create a new root CA when first run</h3>
<h3>Issue 775 : Allow host to be set via the command line</h3>


<h2>Bug Fixes:</h2>

<h3>Issue 555 : Http panels default to hex view</h3>
<h3>Issue 599 : The save session api does not allow to overwrite session already has same name</h3>
<h3>Issue 630 : URLCanonicalizer.getCanonicalURL produces URIs "half" decoded</h3>
<h3>Issue 631 : URLCanonicalizer.buildCleanedParametersURIRepresentation returns URIs in percent-encoded form and decoded</h3>
<h3>Issue 652 : Shutdown after a big scan takes too long (deleting ascan records)</h3>
<h3>Issue 655 : API encoding issues</h3>
<h3>Issue 665 : NullPointerException while proxying with a URI with an empty path component</h3>
<h3>Issue 666 : JSONException while calling an API action without the required parameter(s)</h3>
<h3>Issue 669 : Certificate algorithm constraints in Java 1.7</h3>
<h3>Issue 674 : Add HttpSessionAPI to ApiGeneratorUtils</h3>
<h3>Issue 685 : Add dummy file to "fuzzers" directory</h3>
<h3>Issue 686 : Log HttpException (as error) in the ProxyThread</h3>
<h3>Issue 687 : Change HTTP response header parser to be less strict</h3>
<h3>Issue 690 : Context Authentication URLs don't fail manual overwriting.</h3>
<h3>Issue 691 : Handle old plugins</h3>
<h3>Issue 692 : Report the version of java found by zap.sh</h3>
<h3>Issue 693 : Command line should show all options</h3>
<h3>Issue 694 : API UI fails on IE</h3>
<h3>Issue 695 : Sites tree doesnt clear on new session created by API</h3>
<h3>Issue 696 : Change "Ajax Spider" add-on options to use ZapNumberSpinner</h3>
<h3>Issue 697 : API action "proxy.pac" might return wrong domain/port</h3>
<h3>Issue 698 : Passive Scanner API view "recordsToScan" returns -1 after finish scanning the messages</h3>
<h3>Issue 699 : Fix HTML errors in the help pages</h3>
<h3>Issue 702 : Do not load newer add-on versions if they are not targeted for the running ZAP version</h3>
<h3>Issue 703 : Add-on ZAP version constraints "not-before-version" and "not-from-version" are not respected for already "installed" add-ons</h3>
<h3>Issue 706 : ZAP API doesn't parse correctly query parameters with "&amp;" characters</h3>
<h3>Issue 710 : URLCanonicalizer.getCanonicalURL fails to correctly parse query parameters with "&amp;" and "=" characters</h3>
<h3>Issue 712 : HttpSessions API action "setSessionTokenValue" should add the session token name to the site's session tokens</h3>
<h3>Issue 720 : Cannot send non standard http methods</h3>
<h3>Issue 721 : Non POST and PUT requests receive a 504 when server expects a request body</h3>
<h3>Issue 724 : Do not clone the alert's message that will be shown in message panels</h3>
<h3>Issue 725 : Clear alert's panel fields</h3>
<h3>Issue 726 : Catch active scanner variants' exceptions</h3>
<h3>Issue 727 : Name of automatically created HTTP sessions is always in English</h3>
<h3>Issue 728 : Allow to create a session with a given name through the HttpSessions API</h3>
<h3>Issue 729 : Update NTLM authentication code</h3>
<h3>Issue 730 : MissingResourceException while selecting a disabled extension (from an add-on) in the "Extensions" options panel</h3>
<h3>Issue 731 : MissingResourceException with ExtensionFuzz enabled and ExtensionBruteForce disabled</h3>
<h3>Issue 736 : Change add-on class loading strategy to parent-last</h3>
<h3>Issue 737 : Restore "Ajax spider" add-on dependencies</h3>
<h3>Issue 756 : Allow Context Panels intercommunication</h3>
<h3>Issue 763 : XML report empty when used in daemon mode</h3>
<h3>Issue 764 : HTTP fuzz results dont support right click menus</h3>
<h3>Issue 766 : Searching fuzz results doesnt include the header</h3>
<h3>Issue 767 : HTTP Session API could be less strict</h3>
<h3>Issue 772 : Restructuring of Saving/Loading Context Data</h3>
<h3>Issue 774 : Build doesnt include scripts directory</h3>
<h3>Issue 776 : Allow add-ons to warn user if they're closing ZAP with unsaved resources open</h3>
<h3>Issue 777 : Unable to cancel changes when using Include in/Exclude from Context</h3>
<h3>Issue 782 : NoSuchMethodError when excluding a WebSocket channel URL from context</h3>
<h3>Issue 785 : Change zap.sh to cope with Java 1.8</h3>
<h3>Issue 786 : Snapshot session menu item not working</h3>

<h2>See also</h2>
<table>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="../intro.html">Introduction</a></td><td>the introduction to ZAP</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="releases.html">Releases</a></td><td>the full set of releases</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="../credits.html">Credits</a></td><td>the people and groups who have made this release possible</td></tr>
</table>
</body>
</html>
